Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers
Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato …
Cisco fixes critical flaw in its Secure Access Control System
Cisco has pushed out fixes for security vulnerabilities in a wide variety of its products, including two critical flaws in its Secure Access Control System (ACS) and its Prime …
Exim vulnerability opens 400,000 servers to remote code execution
If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it …
Surge in memcached-based reflected DDoS attacks is due to misconfigured servers
Massive memcached-based reflection DDoS attacks with an unprecedented amplification factor have been ongoing for the last few days, by taking advantage of memcached servers …
Unsecured Elasticsearch servers turned into PoS malware C&Cs
Security researchers have discovered over 4,000 Elasticsearch servers compromised to distribute and control PoS malware. 99 percent of them are hosted by Amazon. What is …
Hackers hosted tools on a Stanford University website for months
Compromising legitimate websites and the web servers that store and deliver them is a time-honoured tactic of opportunistic hackers, and a failure to keep them out can result …
Vulnerability opens FreeRADIUS servers to unauthenticated attackers
A vulnerability in the free, open source FreeRADIUS server could be exploited by remote attackers to bypass authentication via PEAP or TTLS. There is currently no indication …
European companies hit with highly customizable ransomware
Panda Security researchers have been following and analyzing ransomware attacks that have been targeting European business for a few months now, and have tied them to the same …
Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited …
Cyber criminals targeting healthcare orgs’ FTP servers
FBI’s Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various …
Deception security doesn’t have to be onerous or expensive
When talking about deception security, most infosec pros’ mind turns to honeypots and decoy systems – additional solutions that companies have to buy, deploy, and …
Security audit of Dovecot mailserver reveals good security practices
Dovecot – a popular open source IMAP and POP3 server for Linux/UNIX-like systems – is as secure as its developers claim it is. A security audit performed by German …